Taking the Risk Out of Risk Assessment 


Computer Technology 90 


Originating Technology/ 

NASA Contribution 

T he ability to understand risks and have the 
right strategies in place when risky events occur 
is essential in the workplace. More and more 
organizations are being confronted with concerns over 
how to measure their risks or what kind of risks they 
can take when certain events transpire that could have 
a negative impact. 

NASA is one organization that faces these challenges 
on a daily basis, as effective risk management is critical 
to the success of its missions — especially the Space 
Shuttle missions. 

On July 29, 1996, former NASA Administrator Daniel 
Goldin charged NASA’s Office of Safety and Mission 
Assurance with developing a probabilistic risk assessment 
(PRA) tool to support decisions on the funding of Space 
Shuttle upgrades. When issuing the directive, Goldin 
said, “Since I came to NASA [in 1992], we’ve spent bil- 
lions of dollars on Shuttle upgrades without knowing 
how much they improve safety. I want a tool to help 
base upgrade decisions on risk.” Work on the PRA tool 
began immediately. 

The resulting prototype, the Quantitative Risk 
Assessment System (QRAS) Version 1.0, was jointly 
developed by NASA’s Marshall Space Flight Center, its 
Office of Safety and Mission Assurance, and researchers 
at the University of Maryland. QRAS software auto- 
matically expands the reliability logic models of systems 
to evaluate the probability of highly detrimental outcomes 
occurring in complex systems that are subject to potential 
accident scenarios. 

Even in its earliest forms, QRAS was used to begin 
PRA modeling of the Space Shuttle. In parallel, the devel- 
opment of QRAS continued, with the goal of making it a 
world-class tool, one that was especially suited to NASA’s 
unique needs. From the beginning, an important con- 
ceptual goal in the development of QRAS was for it to 


help bridge the gap between the professional risk analyst 
and the design engineer. In the past, only the professional 
risk analyst could perform, modify, use, and perhaps even 
adequately understand PRA. NASA wanted to change this 
by developing a PRA tool that would be friendlier, more 
understandable, and more useful to the broader engineer- 
ing community. This concept ultimately led to the look, 
feel, and functionality that QRAS has today. 


Partnership 

In July 2003, Item Software (USA) Inc., of Anaheim, 
California, received an exclusive license for the QRAS 
software. The company is a leader in providing software 
solutions and services for reliability, availability, maintain- 
ability, safety, quality assurance, and risk assessment to 
government and commercial customers in aerospace and 



The Quantitative Risk Assessment System (QRAS) is a comprehensive tool for conducting probabilistic risk assessment. 
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other industries. It built on the already-state-of-the-art 
features of QRAS, preparing the software for commercial 
sale as part of its suite of software and associated services. 
As part of the commercialization and distribution of 
QRAS, Item Software also supplies support and training. 

The license provides the basis for a potential partner- 
ship between NASA and Item Software for the future 
extension and deployment of QRAS and related software, 
as may be needed for NASA purposes. 

Product Outcome 

Item Software developed the first commercialized ver- 
sion of QRAS and released it in January 2005. The new, 
enhanced QRAS 1.80 provides a cohesive and simple-yet- 
powerful platform for system risk assessment, through 
a large range of failure probability characterizations for 
engineering and scenario-driven applications. 

The software builds a risk model of a system or a 
scenario for which risk of failure is being assessed, then 
analyzes the associated risk to the risk model. It can then 
be used to perform sensitivity analysis of the risk model 
by altering fundamental components and quantification 
models. During this stage, a fixed baseline is constructed 
and stored. This baseline contains the solutions for the 
lowest level scenarios, preserved in an event tree structure. 
The analysis, at any level of the hierarchy, aggregates these 
baseline results for risk quantitative computation as well 
as ranking of a particular risk. 

The commercial version introduces substantial 
enhancements and includes many new features not seen 
in the original version. For example, it contains fault 
tree analysis, a deductive procedure for determining the 
various combinations of hardware and software failures, 
plus human errors that could result in the occurrence of 
specified undesired events. Fault tree analysis is one of the 
most widely used methods in system reliability analysis. 

A new fault tree editor with extensive editing and 
user-friendly features was also added to the commercial 
version to allow users to effortlessly create, review, and 


analyze multiple fault trees simultaneously. The fault trees 
created with the fault tree editor can be attached to the 
event sequence diagram (ESD) in QRAS projects. An 
ESD is a visual representation of a set of possible outcome 
scenarios originating from an event. Each scenario in an 
ESD consists of a unique sequence of pivotal events, and 
eventually leads to an end-state that designates the severity 
of the outcome of a particular scenario. 

QRAS assesses risk at the failure mode, subsystem, and 
element (i.e., a group of subsystems) levels, based upon 
user-supplied quantification of failure models, event 
sequence system decompositions, and system operating 
time. It provides users with structured guidance so man- 
agers, engineers, and even individuals who may not be 
experienced in the field of risk assessment can use it. 

Overall, the QRAS software’s unique, patented PRA 
capabilities assist risk analysts in modeling deviations from 
a system’s nominal functions, the timing and likelihood 
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of such deviations, potential consequences, and scenarios 
leading from initial deviations to such consequences. 

The U.S. Department of Homeland Security, The 
Boeing Company, Booz Allen Hamilton, Inc., ITT 
Industries, Inc., the European Space Agency, and the 
China National Space Administration are just some of the 
entities evaluating QRAS for their risk assessment needs. 

Those currently employing it — other than NASA — 
include the Canadian Space Agency, AES Corporation, 
and Harvard Medical School. At Harvard Medical 
School’s major teaching hospital, Beth Israel Deaconess 
Medical School Center, QRAS is being utilized to 
determine the health care risk associated with general 
surgical processes and surgical devise use, pharmaceuti- 
cal ordering, transfusion services, and organ procurement 
and transplantation. 

Other examples of application include determining the 
probability of airplane crashes arising from factors such 
as engine failure, avionics failure, or 
human-failure at the air control tower; 
and train collisions caused by failures in 
train-signaling systems. ♦♦♦ 
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QRAS provides a full graphical user 
interface, including fault tree editors and 
event sequence diagrams, plus analysis 
screens that provide results in tabular 
and graphical formats. The screen to the 
left portrays System Hierarchy Mission 
Phase and event sequence diagrams that 
are used to determine the consequence 
of an initiating event and the expected 
frequency of each consequence. For 
example, a leak in an aircraft fuel system 
could result in the following user-defined 
end states: Mission Success (MS) if the 
leak is repaired, or Loss of Mission (LOM), 
Loss of Crew and Vehicle (LOCV), or 
Mission Failure (MF). 





